When Suricata 7.0.10 outputs alert logs in eve.json, how can one know which part of the packet's keyword was matched by the rule?

Edison_Chen · April 27, 2025, 3:34am

When Suricata 7.0.9 outputs alert logs in eve.json, how can one know which part of the packet’s keyword was matched by the rule?